diff --git a/solutions/security/advanced-entity-analytics/asset-criticality.md b/solutions/security/advanced-entity-analytics/asset-criticality.md index 030a411fd8..1e599bb50f 100644 --- a/solutions/security/advanced-entity-analytics/asset-criticality.md +++ b/solutions/security/advanced-entity-analytics/asset-criticality.md @@ -30,7 +30,7 @@ For example, you can assign **Extreme impact** to business-critical entities, or ## View and assign asset criticality [_view_and_assign_asset_criticality] -Entities do not have a default asset criticality level. You can either assign asset criticality to your entities individually, or [bulk assign](#bulk-assign-asset-criticality) it to multiple entities by importing a text file. Alternatively, you can assign and manage asset criticality records through the [*Asset criticality API*](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-entity-analytics-api). +Entities do not have a default asset criticality level. You can either assign asset criticality to your entities individually, or [bulk assign](#bulk-assign-asset-criticality) it to multiple entities by importing a text file. Alternatively, you can assign and manage asset criticality records through the [Asset criticality API](https://www.elastic.co/docs/api/doc/kibana/group/endpoint-security-entity-analytics-api). When you assign, change, or unassign an individual entity’s asset criticality level, that entity’s risk score is immediately recalculated. diff --git a/solutions/security/detect-and-alert.md b/solutions/security/detect-and-alert.md index 8832b830c5..e67c33d0f9 100644 --- a/solutions/security/detect-and-alert.md +++ b/solutions/security/detect-and-alert.md 
@@ -106,6 +106,6 @@ To learn how your rules and alerts are affected by using the [logsdb index mode] Utilize the [Detection-as-Code](https://dac-reference.readthedocs.io/en/latest/dac_concept_and_workflows.html) (DaC) principles to externally manage your detection rules. -The {{elastic-sec}} Labs team uses the [detection-rules](https://github.com/elastic/detection-rules) repo to develop, test, and release {{elastic-sec}}'s[ prebuilt rules](https://github.com/elastic/detection-rules/tree/main/rules). The repo provides DaC features and allows you to customize settings to simplify the setup for managing user rules with the DaCe pipeline. +The {{elastic-sec}} Labs team uses the [detection-rules](https://github.com/elastic/detection-rules) repo to develop, test, and release {{elastic-sec}}'s[ prebuilt rules](https://github.com/elastic/detection-rules/tree/main/rules). The repo provides DaC features and allows you to customize settings to simplify the setup for managing user rules with the DaC pipeline. To get started, refer to the [DaC documentation](https://github.com/elastic/detection-rules/blob/main/README.md#detections-as-code-dac). diff --git a/solutions/security/detect-and-alert/suppress-detection-alerts.md b/solutions/security/detect-and-alert/suppress-detection-alerts.md index e2c66c65df..84dd278487 100644 --- a/solutions/security/detect-and-alert/suppress-detection-alerts.md +++ b/solutions/security/detect-and-alert/suppress-detection-alerts.md @@ -131,6 +131,7 @@ With alert suppression, detection alerts aren’t created for the grouped source :::{image} /solutions/images/security-timeline-button.png :alt: Investigate in timeline button + :width: 350px :screenshot: ::: diff --git a/solutions/security/detect-and-alert/view-detection-alert-details.md b/solutions/security/detect-and-alert/view-detection-alert-details.md index 849bee0166..39cf16dc62 100644 --- a/solutions/security/detect-and-alert/view-detection-alert-details.md 
+++ b/solutions/security/detect-and-alert/view-detection-alert-details.md @@ -335,6 +335,7 @@ The **Response** section is located on the **Overview** tab in the right panel. :::{image} /solutions/images/security-response-action-rp.png :alt: Response section of the Overview tab +:width: 550px :screenshot: ::: diff --git a/solutions/security/investigate/open-manage-cases.md b/solutions/security/investigate/open-manage-cases.md index dc03106fd3..3c3773d116 100644 --- a/solutions/security/investigate/open-manage-cases.md +++ b/solutions/security/investigate/open-manage-cases.md @@ -46,7 +46,7 @@ Open a new case to keep track of security issues and share their details with co :screenshot: ::: -% This wasn't in the Serverless docs. Might be an ESS-only feature. +% Check with Lisa if email notifications is an ESS-only feature. Not in Serverless docs: https://www.elastic.co/guide/en/serverless/current/security-cases-open-manage.html ## Add email notifications [cases-ui-notifications] @@ -156,7 +156,7 @@ To upload files to a case, click the **Files** tab: You can set file types and sizes by configuring your [{{kib}} case settings](kibana://reference/configuration-reference/cases-settings.md). -% The following note was grabbed from the Serverless docs. Check if this is Serverless only or if it's for both. +% Check with Lisa whether following note is only applicable to Serverless or if it's for ESS too. ::::{note} There is a 10 MiB size limit for images. For all other MIME types, the limit is 100 MiB. 
@@ -254,7 +254,8 @@ Go to the **Similar cases** tab to access other cases with the same observables. Each case has a universally unique identifier (UUID) that you can copy and share. To copy a case’s UUID to a clipboard, go to the Cases page and select **Actions** → **Copy Case ID** for the case you want to share. Alternatively, go to a case’s details page, then from the **More actions** menu (…​), select **Copy Case ID**. :::{image} /solutions/images/security-cases-copy-case-id.png -:alt: Copy Case ID option in More actions menu 30% +:alt: Copy Case ID option in More actions menu +:width: 250px :screenshot: :::
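Review bot: In solutions/security/detect-and-alert.md (hunk @@ -106,6 +106,6), the corrected sentence still has a misplaced space in `{{elastic-sec}}'s[ prebuilt rules](https://github.com/elastic/detection-rules/tree/main/rules)`. The space sits inside the link text instead of before the opening bracket, so the possessive runs straight into the link and the link text starts with a blank. The line is already being changed for the "DaCe" typo, so fix both at once: `{{elastic-sec}}'s [prebuilt rules](...)`.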
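Review bot: In solutions/security/detect-and-alert/suppress-detection-alerts.md (hunk @@ -131,6 +131,7), the added option reads `+ :width: 350px`, with a space after the `+`. The other image hunks in this patch add `+:width: 550px` and `+:width: 250px` with no such space. If that space is really in the file, the option is indented by one column relative to `:alt:` and `:screenshot:` in the same `:::{image}` block. Align it with its siblings so all three image directives are written the same way.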
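Review bot: In solutions/security/investigate/open-manage-cases.md (hunk @@ -46,7 +46,7), the new `%` comment above "Add email notifications" names an individual ("Check with Lisa") and leaves the ESS-only question open in the source file. Track the question in an issue and reference that from the comment, or settle it before merge so the section can be given the correct applicability or left as is. Also, "email notifications is" should be "email notifications are".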
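Review bot: In solutions/security/investigate/open-manage-cases.md (hunk @@ -156,7 +156,7), the reworded comment still leaves it unverified whether the note below it applies to ESS, while the `::::{note}` stating the 10 MiB image limit and 100 MiB limit for other MIME types is shown to readers either way. Confirm the limits for both deployment types before merge, or scope the note to the one that is known. The comment is also missing an article: "whether the following note".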